I'm new in Microsoft Azure and we are encountering problem in limiting access in specific page of our website to specific ip address. What we would like to do is only specific ip address can visit certain pages like /user, /admin. We don't know if there's a way in allowing specific ip using Web.Config.
I hope you can help me. Thank you
I think you need to look at Application Gateway to restricte IP to a specific route.
https://learn.microsoft.com/en-us/azure/application-gateway/tutorial-restrict-web-traffic-powershell
It is possible to do it in the web config:
https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/ipsecurity/
Example: Is it possible to configure a location in Web.config to only allow local connections
If you want to allow specific IP address on a specific route, then you can create a custom IP filter attribute like this, and you can put it on your controllers:
Restrict access to a specific controller by IP address in ASP.NET MVC Beta
Related
I have created one azure web app service (S1:1), I have registered custom domain (TXT, CNAME & A records in DNS) for this site. I am able to access site using FQDN (https://xyz.pqr.com) but when I am using IP address to access this site it give me below error.
Why am I doing this?
I want to redirect another application to this application using DNS resolver for that it make use of IP address.
The 404 error occurs due to multiple reasons, please check the below to resolve the error:
Please check your domain resolves to the apps IP address by using whatsmydns.net
Please check whether the A record is pointing to the wrong IP address.
Check whether the custom domain is having correct A record and CNAME configured.
The old IP address may be cached, so trying to clear the cache.
Make sure the custom domain is present in the Azure App Service like below:
Please note that, using both a CNAME record and an A record for the same domain can cause a conflict and prevent the domain from being resolved.
Please check this MsDoc for few causes and solutions that may give you a pointer to solve the issue.
For more in detail, please refer below links:
Azure WebApps Custom Domain 404 error by AjayKumar-MSFT
Azure web app custom domain problem by Ryan Hill
I am very new to Cloudflare. So please bear with me. I need to access my website (hosted in Microsoft Azure - App Services) via IP address instead of the domain name.
To do this, I need to add HOST=www.mydomain.com into the HTTP header when requesting the website via IP address.
I heard it can be solved via Cloudflare, but the person I asked will not elaborate further. Is it possible? If yes, what service should I purchase? Any manual or instruction will be appreciated.
If Cloudflare isn't possible, do you have any service recommendations?
Thanks :)
The reason the host header is needed is because Azure App Services are multi-tenant (multiple apps on a single IP) by default. So, the server needs some way to know where to route your request to (the host name). In addition, IPs are not guaranteed to be static (they can change as you scale for instance).
It should be possible to secure a single static IP address using the following method -
https://learn.microsoft.com/en-us/azure/app-service/overview-inbound-outbound-ips#get-a-static-inbound-ip
What is unclear is whether or not this IP would also be dedicated (meaning only your domain would use it). This is what would be required in order to allow you to access the app service without a hostname specified.
Cloudflare will not solve this issue, as it sits at the DNS layer (domain name access). Accessing a server via IP would bypass Cloudflare entirely.
I have 2 separate webapi apps and I want the 1st one to be a normal webapi app which can be accessed by any authorised over the internet. With the 2nd one, I need it to not be publicly accessible and only available to the 1st (so the 2nd app is 'nested' within the first somehow).
Could anyone please tell me how I can achieve this (the apps are hosted in IIS Express at present but will be in iis for production)?
Many thanks
If you're concerned about security (and everyone should be), you can configure IIS to allow only specific computers, groups of computers or domains access to your Web site. Here's the procedure:
1)Open the IIS console and go to the Properties of your Web site.
2)double-click IP Address and Domain Restrictions.
3)Click Add Allow Entry... (on the right pane) to add an IP address or IP address range which will be allowed to access the website. Click OK.
Repeat this step to add other IP addresses to the list.
Once allowed IP addresses have been added, click Edit Feature Settings... and select Deny for Access for unspecified clients. Click OK.
Now, only users with the specified IP addresses are able to access the website.
Background:
I'm hosting 2 separate Website instances - 1 for a WebAPI2 "API", and 1 as an MVC5 "Client" that consumes said API. I would like to restrict access for the "API" to the "Client" (there are multiple clients)
(I've only seen answers for Cloud Services or VMs, so wanted to ask if there was anything I could use for Websites. I don't want to use a cloud service or a VM, as the website is faster, lighter, cheaper - which is what I need.... could not find a firewall feature for Websites in Azure.)
Problem:
I believe I can limit access to the "API" by setting parameters in the project's Web.Config file.
But nslookup in the command prompt yields the same IP Address for all azure websites under my account.
Question:
How do I find the right IP Address -- one that the "Client" website will use to access the "API" Website instance?
If there is a better way to restrict access...please do suggest it.
You cannot secure your site by IP ACLing as web sites in Azure are running in a multi-tenant environment and they share set of IP addresses (IP addresses are per DC).
You need to rely on different security mechanisms (using some secret which only client/server know etc.).
Hope that helps.
You can also take a look at How to determine Azure website outgoing IP Address?
Petr
I am using multiple domains to access liferay portal instance.
For example following are the domains mapped in hosts file of windows:
www.liferaytest1.com
www.liferaytest2.com
and in Liferay's Control Panel → Portal Settings, www.liferaytest1.com is set as virtual host.
I can access portal instance with all above mention domains along with localhost.
When I access portal with www.liferaytest1.com then I can access Guest site pages directly. Say, home is a page in Guest site then instead of accessing with www.liferatest1.com/web/guest/home I can access it directly with www.liferaytest1.com/home
So URL is shortened to some extend.
So far so good.
First Concern
Now when I try to access portal via www.liferaytest2.com and when I click any sites listed in My Sites portlet of Liferay, it redirects me to that site with the domain mentioned in virtual host i.e. www.liferaytest1.com instead of retaining www.liferaytest2.com.
Suppose I have a Site named Help, so when I click on help site link in My Sites portlet then instead of staying with www.liferaytest2.com domain it redirects me with www.liferaytest1.com domain.
This is due to virtual host mapping done in liferay.
Second Concern
When I am accessing the portal with www.liferaytest2.com and subscribe to any of the Assets then the links in email contain the virtual host domain i.e www.liferaytest1.com.
How to overcome above mention issues?
My requirement is to stay relative to the portal accessing domain.
When I access portal via www.liferaytest2.com then it should not redirect me to www.liferaytest1.com on-click of any of the Site-links as explained above and also emails that I would be getting should also be relative to the domain I am accessing i.e. www.liferaytest2.com.
First of all: You're not required to use that feature - it's implemented in a certain way (e.g. as you describe) and if that doesn't suit your needs, there's no need to configure individual virtual hosts. There's no problem serving all content through just a single virtual host or do the resolution on Apache (e.g.) - that is, fully external to Liferay. The only drawback is that you'll need the clue of the site you want to access (e.g. /web/guest as part of the URL) so that Liferay knows what content to serve.
However, you might be closer to what you'd like to achieve if you change URLs to a structure like test1.example.com and test2.example.com - this way you share at least the toplevel domain and might be able to do some cheaper single-sign-on (you can still do SSO with completely different domains)
You don't need to change the virtual host in Control Panel → Portal Setting for such requirement. Rather keep it to localhost. This will resolve both of your concerns.
Next you want to access portal using two different domain, you can do it through DNS settings. Map both to same IP (the IP of Liferay portal) and you will reach Liferay portal using any one. It will not change the url and will stay from the name initiated.